Confidentiality in a very strong sense. Ciphers reaching perfect-secrecy can't be broken to disclose informations over the plaintext from the ciphertext, even with unlimited computing power. The most known example cipher reaching perfect screcy is the one-time-pad.
Questions tagged [perfect-secrecy]
183 questions
9
votes
5 answers
Perfectly secret cipher can leak about the key?
As defined by Shannon, a cipher is perfectly secure if ciphertext leaks no information about the plain text.
Under this definition, can ciphertext leak something about the key? Are there any ciphers for which this is true?
Pratik Soni
- 133
- 1
- 8
8
votes
1 answer
Does Shannon perfect secrecy imply a deterministic encryption algorithm?
Consider an encryption scheme $(Gen,Enc,Dec)$ where $Gen$ is the key generation algorithm, $Enc$ is the encryption algorithm, where $c \leftarrow Enc_{k}(m) $ is taken to mean that the message $m$ in some message space $M$ encrypted with a key $k$…
user308485
- 203
- 1
- 3
4
votes
2 answers
Perfect Secrecy for two distinct messages
We say that and encryption scheme $\pi$ is perfectly secret for two distinct messages, if for all distributions over $\mathcal{M}\times\mathcal{M}$ ($\mathcal{M}$ is the message space), for all $m_1,m_2\in\mathcal{M}$ such that $ m_1\ne m_2$ and all…
A-P
- 175
- 4
3
votes
2 answers
Almost (epsilon) perfect secrecy - lower bound of keyspace size
As a newcomer to cryptography, I'm working on Exercise 2.12 in the book, Introduction to Modern Cryptography.
Using the proof of the theorem that says if $E$ is a perfectly secret encryption scheme, then $\lvert K\rvert \geq \lvert M\rvert$),
I've…
Jung
- 31
- 1
3
votes
3 answers
What is perfect secrecy?
I read some similar questions like Simply put, what does “perfect secrecy” mean?
(This one defines perfect secrecy as ciphertext conveys no information about the content of the plaintext.
Now, problem 2.3 on this assignment asks:
show that perfect…
sam
- 133
- 1
- 5
3
votes
2 answers
For perfect secrecy, does the keyspace need to be uniform?
The definition of perfect security is just that:
$Pr(M =m | C=c) = Pr(M=m)$. We can prove that one time pad is perfectly secure for any distribution on a message space $M$, and it happens to be that the keyspace $K$ has a uniform distribution. Does…
eternalmothra
- 395
- 1
- 10
3
votes
1 answer
Epsilon Perfect Secrecy: Size of Key Space
I am solving a homework problem which defines $(1-\epsilon)$-perfect secrecy as the secrecy satisfied by the encryption scheme when the following inequality holds
$\Pr[M=m\mathrel|C=c]\leq (1+\epsilon)\Pr[M=m]$
Then the problem asks us to prove that…
steve6617
- 31
- 2
3
votes
1 answer
Prove that a given encryption scheme is perfectly secret
I'm studying for an upcoming test and I can't figure out the following sample question:
Let $\Pi = (\operatorname{Gen}, \operatorname{Enc},
\operatorname{Dec})$ be an encryption scheme with key space $\mathcal
K$, message space $\mathcal M$, and…
Matthew
- 43
- 1
- 5
3
votes
0 answers
Perfect secrecy is maintained for other plaintext prob distributions?
Suppose a cryptosystem achieves perfect secrecy for a particular plaintext probability distribution. Prove that perfect secrecy is maintained for any other plaintext probability distribution.
Having trouble starting this one. Just a hint to get…
Ucia
- 31
- 1
2
votes
1 answer
Proving two definitions of perfect security are equivalent
I'm trying to prove that the following two definitions are equivalent:
$\forall m\in M $ and $c\in C$ $\Pr[C=c \mid M=m]=\Pr[C=c]$
$\forall m_1,m_2 \in M $, $E_k(m_1)=E_k(m_2)$, where $E_k(m_i)$ stands for the distribution over $k$ of the…
Anon
- 403
- 1
- 8
2
votes
1 answer
Proving that a scheme is $\epsilon$-perfectly secret
I am currently trying to solve the following problem (2.18) from the book "Introduction to Modern Cryptography (3rd edition)" by Katz and Lindell:
Let $\epsilon > 0$ be a constant. Say an encryption scheme is $\epsilon$-perfectly secret if for every…
eee3
- 23
- 4
2
votes
1 answer
Perfect Indistinguishability in shift cipher
I have the following question:
Which of the following attackers can be used to demonstrate that the
shift cipher for 3-character messages does not satisfy perfect
indistinguishability?
Output m0 = 'aaa' and m1 = 'bbb'. Given challenge…
Lilz
- 153
- 8
2
votes
1 answer
Cryptography - Perfect secrecy $\implies$ adversarial indistinguishability - proof
I'm just starting out with cryptography now and have gone over the various defnitions for a perfectly secret cipher. One of the equvilant definitons is adversarial indistinguishability. When trying to prove the equivilance I had a bit of trouble…
TheFooBarWay
- 225
- 2
- 6
2
votes
0 answers
Proving that Perfect Secrecy implies Adversarial Indistinguishability wrt. probabilistic adversaries
In their book Introduction to Modern Cryptography, chapter 2, authors Katz and Lindell ask the reader to show that perfect secrecy is equivalent to adversarial indistinguishability as an exercise. I am self-studying their book, and I tried tackling…
DiscobarMolokai
- 163
- 1
- 1
- 8
2
votes
0 answers
Showing that perfect secrecy implies adversarial indistinguishability
I've been reading the proof in these slides, the last page, and the author is using the lemma:
$Pr[A(c)=1|M=m_0]=Pr[A(c)=1|M=m_1]$
I understand on the intuitive level that it's a consequence of the assumed perfect secrecy, but can someone provide a…
sel
- 325
- 1
- 9